CA: A New Step into Security Management

CA: A New Step into Security Management. eBusiness = business A cultural shift — security is a part of the business fabric Security is prevention.

Dec 16, 2015


Flora Walsh
Transcript
Page 1: CA: A New Step into Security Management.  eBusiness = business  A cultural shift — security is a part of the business fabric  Security is prevention.

CA: A New Step into Security Management

Page 2:

The Theory of “Defense in Depth” (DiD)

Typical DiD Mix of Products

– Antivirus

– Firewalls

– Application Gateway

– Network and Host Intrusion Detection Systems (IDS)

– Physical Security

– Content Filters

– Identity Management

– Access Control

[Chart labels: Information Security Readiness; Quantity and Sophistication of Solutions; A, B, C, D, F]

More = better, right?

Page 3:

The Reality of “Defense in Depth”

– Antivirus Logs

– Firewall Log

– Application Gateway Logs

– Network and Host IDS Logs

– Physical Security Logs

– Content Filters

– Identity Management Logs

– Access Control

No Information Sharing Between Products

Unmanageable Signal/Noise Ratio

Security Data Diminishes Security Readiness

[Chart labels: Information Security Readiness; A, B, C, D, F]

More = Less

Page 4:

Do the Math

Security Solutions x Platforms x Number of (Servers, Gateways, Desktops, PDAs, Phones, Mobile Handhelds) x Applications x Number of Users = Millions of Events/Day = Security Information Overload

Security Solutions

– Multiple Antivirus Vendors

– Firewall

– VPNs

– Access Control

– Web Access Control

– Intrusion Detection

– User Administration

– Public Key Infrastructure

– Vulnerability Tools

– Alarms/Alerts

Platforms

– MS Windows 9x

– NT/2000/2003

– MS Windows XP

– Linux

– UNIX

– z/OS

– Embedded System

Number of

– Servers

– Gateways

– Desktops

– PDAs

– Phones

– Mobile Handhelds

Applications

– SAP

– Oracle

– PeopleSoft

– WebLogic

– Apache

– IIS

– External

– Internal

– Shared

Number of Users

Page 5:

Control Access to Resources

Manage Vulnerabilities and Content

Manage Users

What is eTrust™?

Page 6:

Managing Security Information Overload

eTrust™

Page 7:

Partner Quote

“CA’s eTrust Security Command Center fits very well within our overall solutions strategy, and is something we’re very excited to add to our portfolio of offerings. Many of our clients talk about the need to bring logic and order to the overwhelming amount of security-related data they deal with on a daily basis, and products like CA’s eTrust Security Command Center are a big step toward making this a reality.”

Mark Doll, Americas Director, Security and Technology Solutions, Ernst & Young

Page 8:

eTrust SCC

Operational & Situational Awareness

Third-Party Integrations

Role-Based Views

Page 9:

eTrust SCC

Reports

Page 10:

Manage Users

Manage Vulnerabilities and Content

Control Access to Resources

eTrust™ Network Forensics

Introducing eTrust™ Network Forensics

Page 11:

eTrust Network Forensics Value Proposition

– Mitigate risks through proactive network security analysis

– Provide holistic insight into nodal communications to help enable regulatory and corporate policy compliance through early detection of misuse and abnormal behavior

– Complement existing security solutions with powerful visualization rendering and analysis during forensic investigations

Managing Risk and Protecting Value

– Data collection and visualization for network security forensics

– Pattern and content analysis

– Forensic analysis and investigation

Page 12:

Note: The entire eTrust Network Forensics system methodology is protected by PAT SR 6,304,262 and SR 6,269,447

eTrust Network Forensics components

Data collection and visualization

– Monitor and analyze data from all seven layers of the Open Systems Interconnection (OSI) stack

– Binary tree ontology for knowledge base

– TCP dump recording: records traffic being monitored in an unprocessed state for forensic evidence

Pattern and content analysis

– “Intelligence-grade” traffic analysis

– Binary-level, n-gram analysis

– Functions irrespective of language

Forensic analysis and investigation

– Visual arrangement production that includes source, destination, time, type and duration of communication

– Monitor and record content

Key Features

Page 13:

A Picture is Worth a Thousand Words

Page 14:

Profile

– A computer crime investigations company servicing Wall Street firms

– Focuses on post-incident forensic analysis

Issue

– Costly and time-consuming effort to provide investigation services

– Manual aggregation and correlation of logs to identify issues, breaches and patterns

– Labor-intensive, manual generation of credible evidence

Action taken

– Deployed eTrust Network Forensics at customer sites

Result

– Rapidly identified “trouble spots” through visual cues

– More quickly identified abnormal traffic behavior through link-node correlative analysis

– Enabled incident sequencing to understand event propagation

Computer Crime Investigators

Page 15:

VPN Traffic Events

Overlay Intrusion Detection System Alerts

Blocked Firewall Traffic

eTrust Network Forensics Analyzer Example: Event Correlation

Page 16:

More than 100 customers

– More than 20 customers are government security agencies/departments

Significant presence in regulated or IP-intensive industries, such as health care and financial services

eTrust Network Forensics Customers

Page 17:

Thank you